I switch to md5-hashing by replacing \&quot;prefix=$2a$\&quot; in
/etc/pam.d/system-auth with \&quot;md5\&quot;, create a new user and try to set
a password for him. passwd (run under root) fails to do this:
Enter new password:
Re-type new password:
passwd: Memory buffer error.
(And with \&quot;prefix=$2a$\&quot; it works.)
In syslog-messages we can see this:
Jul 4 20:37:28 shamrock pam_tcb[18898]: crypt_gensalt_ra: Invalid argument
---
use the attached /etc/pam.d/system-auth
$ useradd t
$ passwd t
You can now choose the new password or passphrase.
A valid password should be a mix of upper and lower case letters,
digits and other characters. You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes. Characters that form a common pattern are discarded by
the check.
A passphrase should be of at least 3 words, 12 to 40 characters
long and contain enough different characters.
Alternatively, if noone else can see your terminal now, you can
pick this as your password: \&quot;format_behave&amp;exempt\&quot;.
Enter new password:
Re-type new password:
passwd: Memory buffer error.
$
---
# rpm -qa passwd \'*tcb*\' \'*pam*\' glibc | sort -u
glibc-2.2.5-alt10
libpam-0.75-alt15
libtcb-0.9.7.1-alt1
nss_tcb-0.9.7.1-alt1
pam-0.75-alt15
pam-config-1.1.2-alt1
pam_console-0.75-alt15
pam_passwdqc-0.4-alt3
pam_tcb-0.9.7.1-alt1
pam_userpass-0.5-alt3
passwd-1.0.0-alt1
tcb-utils-0.9.7.1-alt1# rpm -qa passwd \'*tcb*\' \'*pam*\' glibc | sort -u |
xargs rpm -V
S.5....T c /etc/pam.d/system-auth

There are no bug at all, neither in \&quot;passwd\&quot; nor in
\&quot;pam_tcb\&quot; or in \&quot;libcrypt\&quot;.
Every time you change password hashing algorithm for pam_tcb, please ensure you
do it right way; for example, change of \&quot;prefix\&quot; parameter also
requires update of \&quot;count\&quot; parameter.

There are no bug at all, neither in \&quot;passwd\&quot; nor in
\&quot;pam_tcb\&quot; or in \&quot;libcrypt\&quot;.
Every time you change password hashing algorithm for pam_tcb, please ensure you
do it right way; for example, change of \&quot;prefix\&quot; parameter also
requires update of \&quot;count\&quot; parameter.